On Fri, Jan 02, 2004 at 12:29:44AM +, Pigeon wrote:
> On Thu, Jan 01, 2004 at 10:02:36PM +, Colin Watson wrote:
> > Perhaps the remote end is configured with 'ALL: PARANOID' in hosts.deny,
>
> Can't check without going there :-) but I'm fairly sure this is the case,
> from memory.
>
> > a
Jan Minar wrote:
On Fri, Jan 02, 2004 at 08:50:23AM +, Adam Barton wrote:
Jan Minar wrote:
Now the wisdom: Some 101% of the bragging about computer security is
just that: bragging.
Including this thread, of course.
Yes. I understood this to be your intended meaning, and I a
On Fri, Jan 02, 2004 at 08:36:53AM +0100, Jan Minar wrote:
> Nice. So if an exploit leaks to the script kiddies, you would be cracked
> only 1-2 times a day. Hopefully the first one to get in will move sshd
> back to 22/tcp and patch the binary.
It's currently running on port 443. I'm pretty su
On Fri, Jan 02, 2004 at 08:50:23AM +, Adam Barton wrote:
> Jan Minar wrote:
>
> >Now the wisdom: Some 101% of the bragging about computer security is
> >just that: bragging.
Including this thread, of course.
--
Jan Minar "Please don't CC me, I'm subscribed." x 7
Jan Minar wrote:
Now the wisdom: Some 101% of the bragging about computer security is
just that: bragging.
Yes indeed. This is very true.
Adam.
Greg Norris wrote:
On Thu, Jan 01, 2004 at 11:47:36PM +0100, Jan Minar wrote:
At least then a script kiddy won't simply find port 22 open and
start to bruteforce your ssh password. He has to scan higher than
normal to find your SSH which he/she is less likely to do.
This is a ``security
On Thu, Jan 01, 2004 at 10:36:09PM -0600, Greg Norris wrote:
> non-standard port (strictly for connectivity reasons). Before the
> change, I was getting several dozen scans and exploit attempts daily.
> Afterward, 1-2 scans per day is the norm.
Nice. So if an exploit leaks to the script kiddies
On Thu, Jan 01, 2004 at 11:47:36PM +0100, Jan Minar wrote:
> > At least then a script kiddy won't simply find port 22 open and
> > start to bruteforce your ssh password. He has to scan higher than
> > normal to find your SSH which he/she is less likely to do.
>
> This is a ``security by obscurity'
On Fri, Jan 02, 2004 at 01:24:43AM +, Adam Barton wrote:
> Do you agree that perhaps there is some wisdom in my advice?
Simple setups tend to contain simple weak points. Obscure setups tend to
contain obscure weaknesses which are often hard to spot from your side
of the barricade. See Sun Tz
Jan Minar wrote:
On Thu, Jan 01, 2004 at 06:06:34PM -0500, Johann Koenig wrote:
On Thursday January 1 at 11:47pm
Jan Minar <[EMAIL PROTECTED]> wrote:
On Thu, Jan 01, 2004 at 09:42:09PM +, Adam Barton wrote:
At least then a script kiddy won't simply find port 22 open and
start t
On Thu, Jan 01, 2004 at 10:02:36PM +, Colin Watson wrote:
> On Thu, Jan 01, 2004 at 07:30:39PM +, Pigeon wrote:
> > On the following setup:
> >
> > Local end             Remote end
> >           Internet               LAN
> >
On Thu, Jan 01, 2004 at 06:06:34PM -0500, Johann Koenig wrote:
> On Thursday January 1 at 11:47pm
> Jan Minar <[EMAIL PROTECTED]> wrote:
>
> > On Thu, Jan 01, 2004 at 09:42:09PM +, Adam Barton wrote:
> > > At least then a script kiddy won't simply find port 22 open and
> > > start to brutefor
On Thursday January 1 at 11:47pm
Jan Minar <[EMAIL PROTECTED]> wrote:
> On Thu, Jan 01, 2004 at 09:42:09PM +, Adam Barton wrote:
> > What I would do in this case, is, rather than forwarding port 22 to
> > port 22 on an internal host, do say forward 10001 to internalhost1,
> > 10002 to internalh
On Thu, Jan 01, 2004 at 09:42:09PM +, Adam Barton wrote:
> What I would do in this case, is, rather than forwarding port 22 to port
> 22 on an internal host, do say forward 10001 to internalhost1, 10002 to
> internalhost2 etc. as required instead. Then leave 22 open for
> connections to the bo
On Thu, Jan 01, 2004 at 07:30:39PM +, Pigeon wrote:
> On the following setup:
>
> Local end             Remote end
>           Internet               LAN
> Local box:ppp0---ppp0:NAT box:eth0---Other boxes
Pigeon wrote:
On the following setup:
Local end             Remote end
          Internet               LAN
Local box:ppp0---ppp0:NAT box:eth0---Other boxes
From the local end, I can ping the remo
On Thu, Jan 01, 2004 at 07:30:39PM +, Pigeon wrote:
> debug1: Connection established.
It's not a NAT problem you've got through.
You may find nc(1) and nmap(1) useful in debugging.
--
Jan Minar "Please don't CC me, I'm subscribed." x 4
On the following setup:
Local end             Remote end
          Internet               LAN
Local box:ppp0---ppp0:NAT box:eth0---Other boxes
From the local end, I can ping the remote end OK, but